Compare commits
9 commits
Author | SHA1 | Date | |
---|---|---|---|
2e10714a79 | |||
9b5e1d78fa | |||
e86b17094b | |||
1d40950604 | |||
9820ae62e8 | |||
c6ac61aa53 | |||
7daa55ef98 | |||
76f76a0ca4 | |||
8bcc0af539 |
10 changed files with 235 additions and 0 deletions
|
@ -1,3 +1,6 @@
|
||||||
|
import ipaddress
|
||||||
|
from operator import attrgetter
|
||||||
|
|
||||||
import dns.name
|
import dns.name
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,9 +8,33 @@ class FilterModule:
|
||||||
def filters(self):
|
def filters(self):
|
||||||
return {
|
return {
|
||||||
"remove_domain_suffix": remove_domain_suffix,
|
"remove_domain_suffix": remove_domain_suffix,
|
||||||
|
"ipaddr_sort": ipaddr_sort,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
def remove_domain_suffix(name):
|
def remove_domain_suffix(name):
|
||||||
parent = dns.name.from_text(name).parent()
|
parent = dns.name.from_text(name).parent()
|
||||||
return parent.to_text()
|
return parent.to_text()
|
||||||
|
|
||||||
|
|
||||||
|
def ipaddr_sort(addrs, types, unknown_after=True):
|
||||||
|
check_types = {
|
||||||
|
"global": attrgetter("is_global"),
|
||||||
|
"link-local": attrgetter("is_link_local"),
|
||||||
|
"loopback": attrgetter("is_loopback"),
|
||||||
|
"multicast": attrgetter("is_multicast"),
|
||||||
|
"private": attrgetter("is_private"),
|
||||||
|
"reserved": attrgetter("is_reserved"),
|
||||||
|
"site_local": attrgetter("is_site_local"),
|
||||||
|
"unspecified": attrgetter("is_unspecified"),
|
||||||
|
}
|
||||||
|
|
||||||
|
def addr_weight(addr):
|
||||||
|
if isinstance(addr, str):
|
||||||
|
addr = ipaddress.ip_address(addr.split("/")[0])
|
||||||
|
for index, ty in enumerate(types):
|
||||||
|
if check_types[ty](ipaddress.ip_address(addr)):
|
||||||
|
return index
|
||||||
|
return len(types) if unknown_after else -1
|
||||||
|
|
||||||
|
return sorted(addrs, key=addr_weight)
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
- 1.pool.ntp.org
|
- 1.pool.ntp.org
|
||||||
- 2.pool.ntp.org
|
- 2.pool.ntp.org
|
||||||
- 3.pool.ntp.org
|
- 3.pool.ntp.org
|
||||||
|
chronyd__local_stratum: 10
|
||||||
roles:
|
roles:
|
||||||
- chronyd
|
- chronyd
|
||||||
|
|
||||||
|
|
32
playbooks/keepalived.yml
Executable file
32
playbooks/keepalived.yml
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
- hosts:
|
||||||
|
- isp-1.rtr.infra.auro.re
|
||||||
|
- isp-2.rtr.infra.auro.re
|
||||||
|
vars:
|
||||||
|
keepalived__virtual_router_id: 80
|
||||||
|
keepalived__interface: ens18
|
||||||
|
keepalived__virtual_addresses:
|
||||||
|
client-0:
|
||||||
|
- 100.64.0.1/27
|
||||||
|
- 2a09:6841::/56
|
||||||
|
- fe80::1/10
|
||||||
|
client-1:
|
||||||
|
- 100.64.0.33/27
|
||||||
|
- 2a09:6841:0:100::/56
|
||||||
|
- fe80::1/10
|
||||||
|
client-2:
|
||||||
|
- 100.64.0.65/27
|
||||||
|
- 2a09:6841:0:100::/56
|
||||||
|
- fe80::1/10
|
||||||
|
client-3:
|
||||||
|
- 100.64.0.97/27
|
||||||
|
- 2a09:6841:0:200::/56
|
||||||
|
- fe80::1/10
|
||||||
|
client-4:
|
||||||
|
- 100.64.0.129/27
|
||||||
|
- 2a09:6841:0:300::/56
|
||||||
|
- fe80::1/10
|
||||||
|
roles:
|
||||||
|
- keepalived
|
||||||
|
...
|
|
@ -3,7 +3,9 @@ chronyd__pools: []
|
||||||
chronyd__key_file: /etc/chrony/chrony.keys
|
chronyd__key_file: /etc/chrony/chrony.keys
|
||||||
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
||||||
chronyd__nts_dump_dir: /var/lib/chrony
|
chronyd__nts_dump_dir: /var/lib/chrony
|
||||||
|
chronyd__log_dir: /var/log/chrony
|
||||||
chronyd__max_update_skew: 100.0
|
chronyd__max_update_skew: 100.0
|
||||||
chronyd__rtcsync: true
|
chronyd__rtcsync: true
|
||||||
chronyd__allow_networks: []
|
chronyd__allow_networks: []
|
||||||
|
chronyd__log_change_seconds: 0.5
|
||||||
...
|
...
|
||||||
|
|
|
@ -7,6 +7,7 @@ pool {{ pool }} iburst
|
||||||
keyfile {{ chronyd__key_file }}
|
keyfile {{ chronyd__key_file }}
|
||||||
driftfile {{ chronyd__drift_file }}
|
driftfile {{ chronyd__drift_file }}
|
||||||
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
||||||
|
logdir {{ chronyd__log_dir }}
|
||||||
|
|
||||||
log tracking measurements statistics
|
log tracking measurements statistics
|
||||||
|
|
||||||
|
@ -16,6 +17,12 @@ maxupdateskew {{ chronyd__max_update_skew | float }}
|
||||||
rtcsync
|
rtcsync
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if chronyd__local_stratum is defined %}
|
||||||
|
local stratum {{ chronyd__local_stratum | int }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
logchange {{ chronyd__log_change_seconds | float }}
|
||||||
|
|
||||||
leapsectz right/UTC
|
leapsectz right/UTC
|
||||||
|
|
||||||
{% for network in chronyd__allow_networks %}
|
{% for network in chronyd__allow_networks %}
|
||||||
|
|
7
roles/keepalived/defaults/main.yml
Normal file
7
roles/keepalived/defaults/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
keepalived__virtual_addresses: {}
|
||||||
|
keepalived__notify_master: []
|
||||||
|
keepalived__notify_backup: []
|
||||||
|
keepalived__notify_fault: []
|
||||||
|
keepalived__max_auto_priority: -1
|
||||||
|
...
|
6
roles/keepalived/handlers/main.yml
Normal file
6
roles/keepalived/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: Reload keepalived
|
||||||
|
systemd:
|
||||||
|
name: keepalived.service
|
||||||
|
state: reloaded
|
||||||
|
...
|
28
roles/keepalived/tasks/main.yml
Normal file
28
roles/keepalived/tasks/main.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
- name: Install keepalived
|
||||||
|
apt:
|
||||||
|
name: keepalived
|
||||||
|
|
||||||
|
- name: Configure keepalived
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
|
loop:
|
||||||
|
- src: keepalived.conf.j2
|
||||||
|
dest: /etc/keepalived/keepalived.conf
|
||||||
|
mode: u=rw,g=,o=
|
||||||
|
- src: notify.sh.j2
|
||||||
|
dest: /etc/keepalived/notify.sh
|
||||||
|
mode: u=rwx,g=,o=
|
||||||
|
notify:
|
||||||
|
- Reload keepalived
|
||||||
|
|
||||||
|
- name: Enable and start keepalived
|
||||||
|
systemd:
|
||||||
|
name: keepalived
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
...
|
92
roles/keepalived/templates/keepalived.conf.j2
Normal file
92
roles/keepalived/templates/keepalived.conf.j2
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
global_defs {
|
||||||
|
dynamic_interfaces
|
||||||
|
script_user root
|
||||||
|
enable_script_security
|
||||||
|
vrrp_version 3
|
||||||
|
{% if keepalived__max_auto_priority is defined %}
|
||||||
|
max_auto_priority {{ keepalived__max_auto_priority | int }}
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
{%
|
||||||
|
set ipv4_enabled =
|
||||||
|
keepalived__ipv4_enabled
|
||||||
|
| default(keepalived__virtual_addresses.values()
|
||||||
|
| flatten | ansible.utils.ipv4)
|
||||||
|
%}
|
||||||
|
{%
|
||||||
|
set ipv6_enabled =
|
||||||
|
keepalived__ipv6_enabled
|
||||||
|
| default(keepalived__virtual_addresses.values()
|
||||||
|
| flatten | ansible.utils.ipv6)
|
||||||
|
%}
|
||||||
|
|
||||||
|
{% if ipv4_enabled and ipv6_enabled %}
|
||||||
|
vrrp_sync_group group {
|
||||||
|
group {
|
||||||
|
{% if ipv4_enabled %}
|
||||||
|
instance_v4
|
||||||
|
{% endif %}
|
||||||
|
{% if ipv6_enabled %}
|
||||||
|
instance_v6
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
notify_master "/etc/keepalived/notify.sh master"
|
||||||
|
notify_backup "/etc/keepalived/notify.sh backup"
|
||||||
|
notify_fault "/etc/keepalived/notify.sh fault"
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if ipv4_enabled %}
|
||||||
|
vrrp_instance instance_v4 {
|
||||||
|
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||||
|
interface {{ keepalived__interface }}
|
||||||
|
state BACKUP
|
||||||
|
priority 250
|
||||||
|
nopreempt
|
||||||
|
advert_int 1
|
||||||
|
accept
|
||||||
|
virtual_ipaddress {
|
||||||
|
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||||
|
{% for address in addresses %}
|
||||||
|
{% if address | ansible.utils.ipv4 %}
|
||||||
|
{{ address }} dev {{ dev }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||||
|
notify_master "/etc/keepalived/notify.sh master"
|
||||||
|
notify_backup "/etc/keepalived/notify.sh backup"
|
||||||
|
notify_fault "/etc/keepalived/notify.sh fault"
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if ipv6_enabled %}
|
||||||
|
vrrp_instance instance_v6 {
|
||||||
|
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
||||||
|
interface {{ keepalived__interface }}
|
||||||
|
state BACKUP
|
||||||
|
priority 250
|
||||||
|
nopreempt
|
||||||
|
advert_int 1
|
||||||
|
accept
|
||||||
|
virtual_ipaddress {
|
||||||
|
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
||||||
|
{% for address in addresses | ipaddr_sort(["link-local"]) %}
|
||||||
|
{% if address | ansible.utils.ipv6 %}
|
||||||
|
{{ address }} dev {{ dev }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% if not (ipv4_enabled and ipv6_enabled) %}
|
||||||
|
notify_master "/etc/keepalived/notify.sh master"
|
||||||
|
notify_backup "/etc/keepalived/notify.sh backup"
|
||||||
|
notify_fault "/etc/keepalived/notify.sh fault"
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
33
roles/keepalived/templates/notify.sh.j2
Normal file
33
roles/keepalived/templates/notify.sh.j2
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
master=(
|
||||||
|
{% for notify in keepalived__notify_master %}
|
||||||
|
{{ notify | quote }}
|
||||||
|
{% endfor %}
|
||||||
|
)
|
||||||
|
|
||||||
|
backup=(
|
||||||
|
{% for notify in keepalived__notify_backup %}
|
||||||
|
{{ notify | quote }}
|
||||||
|
{% endfor %}
|
||||||
|
)
|
||||||
|
|
||||||
|
fault=(
|
||||||
|
{% for notify in keepalived__notify_fault %}
|
||||||
|
{{ notify | quote }}
|
||||||
|
{% endfor %}
|
||||||
|
)
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
master | backup | fault)
|
||||||
|
scripts="$1[@]"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 (master|backup|fault)" >&2
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
|
||||||
|
for script in "${!scripts}"
|
||||||
|
do
|
||||||
|
eval "${script}"
|
||||||
|
done
|
Loading…
Reference in a new issue